[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes
Hubert Kario
hkario at redhat.com
Tue Dec 16 17:18:05 UTC 2014
On Tuesday 16 December 2014 18:15:19 Hanno Böck wrote:
> On Tue, 16 Dec 2014 17:11:34 +0100
>
> Hubert Kario <hkario at redhat.com> wrote:
> > they don't differ...
>
> oh sorry, must've pasted the wrong string.
>
> But please ignore my first patch, I don't think this is optimal. I'll
> do another one later.
>
> What I think is a sane approach is to leave the current code mostly as
> it is, just add one further sorting step that will bring GCM ciphers in
> front of non-gcm ones.
> I think that should give the desired result.
to this specific issue, yes, but in general fixing ordering also with relation
to PFS is a good idea
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
More information about the openssl-dev
mailing list